Brutkey

B'ad Samurai 🐐

@badsamurai@infosec.exchange

@neurovagrant@masto.deoan.org @cR0w@infosec.exchange

Nice. This was my favorite part.

I guess vulnerability testing in ai is only for curl

Interesting Observation Regarding OAST Domains
While testing I noticed something quite interesting. Claude is trained to refuse requests to common testing services like oast.me or Burp Collaborator.

But when I switched to a domain not associated with security testing, like wuzzi.net, it just worked…

cR0w
@cR0w@infosec.exchange

@badsamurai@infosec.exchange @neurovagrant@masto.deoan.org Slapping a limited block list on after shitty architecture and shitty engineering. Seems pretty on brand to me.